As we say goodbye to 2023, TechNational asked a panel of industry experts to unveil their insightful predictions, offering a glimpse into the future of cybersecurity in the approaching year of 2024.
Our Panel of Experts
- Greg Day, senior vice president and global field CISO at Cybereason
- Leanne Salisbury, principal consultant at Adarma
- Jason Schmitt, general manager at the Synopsys Software Integrity Group
- Thomas Richards, principal security consultant at the Synopsys Software Integrity Group
- Paige Mullen, criminologist at Advanced Cyber Defence Systems
- Chase Richardson, Head of US Operations at Bridewell
- Durgan Cooper, CEO of Juberi - Cyber Security Architects
- Guy Bauman, CMO & Co-Founder of IronVest
For any questions, comments or features, please contact us directly.
Greg Day, senior vice president and global field CISO at Cybereason
“With the increase in volumes of successfully breached companies getting close to saturation (at least 89% were successfully breached in the last 24 months), adversaries must find new targets. AI Chatbots such as ChatGPT can now enable anyone to be extremely capable at communicating in any language. As such, we must expect to see attacks move into more local languages. In our research last year, we were already seeing these attacks extending beyond the English language, and found the greatest impact occurred in non-English speaking countries. Why? I would suspect simply because they hadn’t built the experience in dealing with such attacks and AI Chatbots further accelerate this trend.”
Leanne Salisbury, principal consultant at Adarma
“The rise of AI is a hot topic for 2024 as cyber defenders try to understand more about how it will be used both for mounting attacks and as part of the defensive toolset. The Human Firewall, the reliance on employees to identify nefarious approaches, will most likely be impacted by this trend. AI-based social engineering will create more sophisticated and convincing phishing emails, voice mimicry and possibly deepfake videos based on trusted individuals or organisations. These advancements in social engineering will enable focused targeting of specific individuals and will be difficult to detect, increasing the likelihood and potential success rate of these approaches.”
Jason Schmitt, general manager at the Synopsys Software Integrity Group
“Vendor consolidation in application security will accelerate as the increasing complexity of the threat landscape will require integrated solutions with fast time-to-value that offer policy-driven automation and unified risk visibility in a single platform. The volume of software being produced today has quickly overrun application security programs’ abilities to keep up and provide an effective and reliable measure of risk. Teams no longer have the time or budget to manage multiple vendors and integration engineering projects, and still focus enough resources on actually remediating security issues. As a result, the demand for integrated SaaS platforms with AI-driven intelligence and consolidated software portfolios will certainly rise.”
Thomas Richards, principal security consultant at the Synopsys Software Integrity Group
"With the ever-expanding availability of AI/ML LLMs, companies are under pressure to use the technology for both internal and external tools and products. Both of these scenarios will introduce new risks to an organization that didn’t exist 6 months ago – and there’s little guidance on how to deploy these systems securely. Based on trends we have seen with early adoption of mobile and cloud technologies; I expect there to be some major breaches and compromises during the infancy of this technology.
"AI/ML model data poisoning and secret extraction will continue to rise in popularity as attack paths against these systems. A whole new class of attacks are now possible against this techno-social domain where humans can find ways to manipulate, or social engineer, a computer into performing actions it is programmed not to. I expect this space to expand quickly as organizations will face these challenges and new tooling is made available to both assess and provide safeguards around how the technology is used."
Paige Mullen, criminologist at Advanced Cyber Defence Systems
“In 2024, it is looking like SMEs are going to be an increasing target for cyber-attacks. The frequency with which SMEs are reporting data breaches and cyber-attacks has reached an alarming level. According to Forbes, small and medium-sized organisations are now the biggest targets for cyber-attacks—they are three times more likely to be targeted by cybercriminals than larger companies. The most common route for those attacks is through email. One of the challenges for them is they are just not in a position to invest in cybersecurity with the same percentage as a large enterprise. The number of malicious phishing emails has surged, with one recent report giving a figure of 1265% since Q4 2022. Organisations need to consider how they will respond 'when' you get an attack and not 'if'. Cybercriminals are looking for the low-hanging fruit, finding the easiest targets; and an SME can provide a back door into larger organisations. Sadly, the malicious actors know that small businesses don’t have deep pockets to allocate to cybersecurity like their larger counterparts. So instead of investing a great deal of time into targeting a big fish that might not take the bait, they are finding it more efficient to target several smaller companies in which they often have a higher success rate. And while a cyber-attack can be incredibly damaging for a big business, it can be completely catastrophic for a small one, with some struggling to survive the aftermath.”
Chase Richardson, Head of US Operations at Bridewell
RaaS Will Bring Hope To More Cybercriminals: "The growth of Ransomware-as-a-Service (RaaS) will catapult large-scale criminal gangs to enterprise status and level up the lower-skilled crime groups. Ransomware operators with the skills to write software for use by affiliate groups have identified a gap in the criminal market. This is accelerating the professionalization of cybercrime. Large-scale ransomware groups will achieve the size and habits of major enterprises, adopting departmental specialisms such as R&D and offering defined career structures. The only thing they won’t do in 2024, is pay taxes."
The Rise of Malware That Thinks For Itself: "Forget Terminator and Skynet or HAL 9000 on the Discovery One spacecraft, AI threats are real and all around us. AI will lower the barrier to entry for criminals but also help with detection in a way no human can, democratizing security. AI will enable more sophisticated attack methods such as polymorphic malware, which mutates with every infection, making detection a difficult task. The arms race around AI will become a distinct feature of the next 12 months, as organizations and criminals compete to take advantage of the technology."
Land of the Free, Home of the Cyberattacks: "When it comes to regulation, it often feels like it's jogging a few paces behind the sprint of technological advancements. The US remains a long way behind Europe and other regions in terms of nationwide cyber security regulation, and this will continue to have the knock-on effect of more cyber attacks on US businesses. This is despite moves by the Biden administration to improve standards in federal organizations and among its software providers. Despite the growth of threats from rogue nation-states and hacking groups, US organizations will continue to have a bare-minimum approach to cybersecurity until they are subject to more stringent requirements and penalties. This leaves the direction of US cyber regulation next year in question."
Durgan Cooper, CEO of Juberi - Cyber Security Architects
"As we approach the new year, 2024 is set to become the most prevalent for cybercrime and attacks ever - threats from a variety of sources are evolving in order to bypass existing defences, so it is vital that businesses, organisations and individuals are meeting that additional threshold in order to protect vulnerabilities within their systems.
The increased use of Artificial Intelligence (AI) will undoubtedly aid those who wish to do us harm and the human firewall is the best line of defence to compromise, but they must be adequately trained and maintained to understand the evolving threats which surround us.
As businesses and organisations become even more reliant on technology, it is imperative that appropriate preventative steps are taken to safeguard their systems. Fail to prepare, and prepare to fail. I predict that 2024 will see more significant cyberattacks than ever before - those that are readying themselves today, will set themselves well for the year ahead. Those that don’t? Expect a challenging twelve months.
Awareness is the best defence. If individuals are unaware of the potential threats, from AI-driven phishing attacks to sophisticated deepfake technology misuse, they are far more likely to potentially release sensitive data.
My advice? Enhanced employee training is a must, as cyber-attacks prey on human vulnerabilities. This includes awareness about AI-driven phishing attacks, recognising suspicious emails or communications, and understanding the importance of not sharing personal or sensitive information - including the consistent use of MFA (multi-factor authentication).
Alongside professional security assessments, recovery plans, device management, software updates and more - businesses and individuals can significantly enhance their resilience against a wide array of cyber threats anticipated in 2024. The time to prepare is now."
Guy Bauman, CMO & Co-Founder of IronVest
Consumers will continue to see a surge in card-not-present (CNP) fraud: “Research found that card-not-present fraud would make up 73% of all card payment fraud this year. Expect this trend to continue into 2024 as the dominant way of scamming consumers, especially with online shopping.
This kind of fraud occurs without a scammer needing your physical card to steal your money. Instead, all they need to get their hands on is your credit card number, personal identifying information (PII), such as your name or address, or the three-digit security code on the back.
As e-commerce continues to develop into a multi-trillion-dollar industry, consumers need to be increasingly wary of not just protecting their physical cards, but their entire digital trail.”
“Masking” as a security feature will continue to see more mass adoption: “Headed into 2024, consumers are going to continue to wise up to the fact that shopping online is similar to playing roulette – you never actually know if your information is safe. For this reason, they will continue to adopt the use of masked or virtual cards to circumvent handing over their actual card information while transacting online.”
“The critical advantage of a virtual card is that it is untraceable to your original information and single-use – meaning consumers maintain anonymity and limit their exposure to fraud to a single transaction. When it comes to data breaches and total account drains, this simple security measure can be the only tool that stands between you and life-changing fraud. Not only this, masking can also be applied to emails and phone numbers, helping to keep consumers’ most precious information under lock and key.”
The desire for consumers to keep a self-sovereign identity will prevail: “It’s no secret that consumer trust in ‘big tech’ has been in a freefall. They’re tired of having to compromise their personal data to engage with the applications and the platforms they love and for good reason – daily data breaches aren’t confidence building.”
“Headed into 2024, we will continue to see a shift in consumer demand towards the right to a self-sovereign identity, or the belief that individuals alone should have access and control of their own information.”